15 September 2019
Swati Khandelwal’s report (1) on NetCAT, published on 9/11/2019 in The Hacker News, scared me somewhat. Security researchers (2) from the Vrije University in Amsterdam discovered a new type of side-channel attack in Intel server processors which can be exploited across the network. This is really frightening.
As always in the case of hardware vulnerabilities, NetCAT is broadly discussed in the security community. A Google search for “CVE-2019-11184” shows 6.340 hits (as of 9/14/2019 8 pm).
Intel (3) classified CVE-2019-11184 as follows: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Attack vector Adjacent is defined in the CVSS V3.1 specification document as follows: “The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology.”
With this, the attacker must have compromised the network before he can start the attack. In addition, the attacker must compromise “a machine which communicates over RDMA to an application server that supports DDIO”.(2)
So, NetCAT is not that dangerous than the reports suggest.
What goals can be achieved by exploiting this vulnerability?
In secured networks with latest patches applied, this technique can be used to spy on all kind of secrets, e.g. the passwords of high privileged accounts, for the complete takeover of the network.
What organizations should be concerned?
My conclusion: From a technical point of view, NetCAT shows again the shortcomings of the current processor architectures. Regarding the applicability in attacks, NetCAT is somewhat overestimated.
Have a great weekend.
- Khandelwal S. NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs [Internet]. The Hacker News. 2019 [cited 2019 Sep 12]. Available from: https://thehackernews.com/2019/09/netcat-intel-side-channel.html
- Kurth M, Gras B, Andriesse D, Giuffrida C, Bos H, Razavi K. NetCAT: Practical Cache Attacks from the Network. 2019. Available from: https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
- Intel Security Center. INTEL-SA-00290 [Internet]. Intel Security Center. 2019 [cited 2019 Sep 12]. Available from: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html